1. Field of the Invention
The present invention relates to an access-controlling method, a repeater, and a server.
2. Description of the Related Art
First, in this specification, a position where information to be protected and a server which manages that information are located is called an inner position, and a position which communicates with the inner position via a network is called an outer position.
Access control (also called a firewall or packet filtering) is now used in order to protect the inner position from illegal access. Illegal access is, for example, accessing the inner position illegally from the outer position, blocking an inner-position service from the outer position, and taking confidential information out of the inner position to the outer position. The access control is performed by the server which offers the service, by a repeater which relays communication to the server (for example, a router), or by both.
Prior references regarding conventional access control include reference 1 (published Japanese Patent Application Laid-Open No. Hei 8-44642), reference 2 (Japanese translation of PCT international application No. Hei 10-504168), and reference 3 (published Japanese Patent Application Laid-Open No. 2000-124955).
Prior references regarding bandwidth control in TCP/IP, which is a typical network protocol, IPSec, and the Flow Label of IPv6 include non-patented reference 1 (reference name: "Internet QoS," coauthored by Paul Ferguson and Geoff Huston, translation supervised by Iwao Toda, date of issue: May 5, 2000), non-patented reference 2 (reference name: RFC2401 "IP Encapsulating Security Payload (ESP)," coauthored by S. Kent and R. Atkinson, date of issue: November 1998), and non-patented reference 3 (reference name: RFC2460 "Internet Protocol, Version 6 (IPv6) Specification," coauthored by S. Deering and R. Hinden, date of issue: November 1998).
(Problem 1) Measures for P2P (Peer-to-Peer) Communication
In conventional access control, the control is basically a choice between two alternatives: transmit the packet or discard it.
When a server offers a service that is completely open to the public, for example a Web service which can be accessed from the Internet, the access control simply transmits every packet to the server.
When the server offers a service with which access is restricted to a fixed range, for example a file-sharing service whose access is limited to the company network, all packets from outside the fixed range are discarded.
However, when the server offers a mail service to a computer which belongs to an employee who has moved outside the company on a business trip, the above-described access control cannot deal with the case. This is because the IP address and port number of the employee's computer change when the employee moves outside the company.
References 1 to 3 make some proposals addressing this subject. However, these proposals are inadequate for P2P communication.
In these references, when a packet is transmitted from an inner position to an outer position, the judging condition of the access control is dynamically changed so that a packet in the reverse direction is allowed to be transmitted when transmission/discard of the packet is judged. Thereby, bidirectional communication between the outer position and the inner position is supposed to be achieved.
However, with such an art, unless a packet is first transmitted from the inner position towards the outer position, bidirectional communication cannot be performed. In short, it is impossible to perform bidirectional communication when a packet is first transmitted from the outer position to the inner position.
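The following model, added here and not taken from the patent or from references 1 to 3, illustrates the behaviour just described: an inner-to-outer packet dynamically adds a judging condition that admits the reverse-direction packet, whereas an outer-initiated exchange is discarded before any such condition can exist. The address prefix, the port numbers and the two scenarios are constructed for the example.

```python
from dataclasses import dataclass

INNER_PREFIX = "10.0.0."  # constructed: addresses with this prefix are the inner position


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int


def is_inner(addr: str) -> bool:
    return addr.startswith(INNER_PREFIX)


class DynamicFilter:
    """Static rule: transmit inner->outer packets.
    Dynamic rule: transmit outer->inner only when it reverses a flow already seen."""

    def __init__(self) -> None:
        # judging conditions added dynamically: (src, sport, dst, dport) of permitted outer->inner packets
        self.allowed_reverse: set[tuple[str, int, str, int]] = set()

    def judge(self, p: Packet) -> str:
        if is_inner(p.src) and not is_inner(p.dst):
            # outbound packet: register the reverse-direction condition, then transmit
            self.allowed_reverse.add((p.dst, p.dport, p.src, p.sport))
            return "transmit"
        if not is_inner(p.src) and is_inner(p.dst):
            return "transmit" if (p.src, p.sport, p.dst, p.dport) in self.allowed_reverse else "discard"
        return "discard"  # inner<->inner or outer<->outer is not this filter's concern


def exchange(first: Packet) -> list[str]:
    """Run a request/reply exchange through a fresh filter.
    The reply is only generated if the request actually reached its destination."""
    f = DynamicFilter()
    verdicts = [f.judge(first)]
    if verdicts[0] == "transmit":
        reply = Packet(first.dst, first.dport, first.src, first.sport)
        verdicts.append(f.judge(reply))
    return verdicts


def inner_initiated() -> list[str]:
    # inner client contacts an outer mail server: both directions pass
    return exchange(Packet("10.0.0.5", 40000, "203.0.113.9", 25))


def outer_initiated() -> list[str]:
    # travelling employee (outer, dynamic address) contacts the inner mail server: discarded at once
    return exchange(Packet("203.0.113.9", 40001, "10.0.0.5", 25))
```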
(Problem 2) Vulnerability to a DoS (Denial of Service) Attack
To cope with Problem 1, one might statically set up a judging condition under which a packet that fulfills specific conditions is allowed to be transmitted. However, since the address of a terminal is dynamically assigned by DHCP at present-day ISPs and hot spots, it is next to impossible in practice to lay down such specific conditions.
If such a setup is nevertheless performed, a DoS attack by a malicious person who forges packets fulfilling the judging conditions cannot be prevented.
In reference 3, the usable bandwidth is controlled by traffic shaping against illegal access such as a DoS attack. However, when packets from illegal access and packets from legal access are intermingled in the same flow, the traffic shaping may unjustly restrict the bandwidth of the legal communication as well. Therefore, it is extremely difficult to limit the traffic shaping to the packets of the illegal access only.
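To make the bandwidth-restriction problem concrete, the following added example (not part of the patent or of reference 3) runs a token-bucket shaper over a constructed stream in which legal and forged packets are intermingled. Because the shaper judges only arrival rate, not the origin of a packet, legal packets are discarded whenever the forged traffic exhausts the bucket; the rates and the bucket parameters are constructed values.

```python
def shape(packets, rate, burst):
    """Token-bucket shaper over (time, label) packets sorted by time.
    rate: tokens added per second; burst: bucket capacity.
    Returns per-label counts of transmitted and discarded packets."""
    tokens = float(burst)
    last = 0.0
    counts = {}
    for t, label in packets:
        tokens = min(float(burst), tokens + (t - last) * rate)  # refill since last arrival
        last = t
        c = counts.setdefault(label, {"transmit": 0, "discard": 0})
        if tokens >= 1.0:
            tokens -= 1.0
            c["transmit"] += 1
        else:
            c["discard"] += 1  # the shaper cannot tell which label it is starving
    return counts


def stream(duration, legal_pps, illegal_pps):
    """Constructed traffic: evenly spaced legal packets, optionally mixed with forged ones."""
    legal = [(i / legal_pps, "legal") for i in range(int(duration * legal_pps))]
    illegal = [(i / illegal_pps, "illegal") for i in range(int(duration * illegal_pps))] if illegal_pps else []
    return sorted(legal + illegal)


RATE, BURST = 20, 5  # constructed shaper parameters: 20 packets/s sustained, 5 packets burst


def legal_only():
    # 10 packets/s of legal traffic fits under the 20 packets/s shaper: nothing is discarded
    return shape(stream(10, 10, 0), RATE, BURST)


def intermingled():
    # the same legal traffic mixed with 100 packets/s of forged packets
    return shape(stream(10, 10, 100), RATE, BURST)
```

The legal flow is unchanged between the two runs; only the forged packets sharing the shaper cause its discards.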
(Problem 3) Measures for Encryption
In conventional access control, information inside the packet is referred to when judging transmission/discard. However, when the packet is encrypted in order to prevent wiretapping by a third party, the information inside the packet cannot be referred to by the access control, and the judgment of transmission/discard becomes impossible.